Label /dev/qseecom as tee_device.

And grant access to fingerprintd.

Addresses the following denials:
type=1400 audit(1436398733.188:71953): avc: denied { read write } for pid=1740 comm="keystore" name="qseecom" dev="tmpfs" ino=12444 scontext=u:r:keystore:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0
type=1400 audit(1436398734.228:71968): avc: denied { read write } for pid=1743 comm="gatekeeperd" name="qseecom" dev="tmpfs" ino=12444 scontext=u:r:gatekeeperd:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0

Bug: 21435401
Bug: 22360405

Change-Id: I7c989f6f550655c247960257b13ebafe2069d7a1
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 135c25e..db95b1b 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -5,6 +5,7 @@
 # GPU device
 /dev/kgsl-3d0                  u:object_r:gpu_device:s0
 /dev/kgsl                      u:object_r:gpu_device:s0
+/dev/qseecom                   u:object_r:tee_device:s0
 
 # Userdebug only
 /dev/ramdump_.*                u:object_r:ramdump_device:s0
@@ -20,6 +21,7 @@
 # System files
 /system/bin/sensortool\.angler   u:object_r:sensortool_exec:s0
 /system/bin/subsystem_ramdump    u:object_r:ssr_exec:s0
+/system/bin/qseecomd             u:object_r:tee_exec:s0
 
 # Data files
 /data/ramdump(/.*)?              u:object_r:ssr_data_file:s0
diff --git a/sepolicy/fingerprintd.te b/sepolicy/fingerprintd.te
new file mode 100644
index 0000000..a39de44
--- /dev/null
+++ b/sepolicy/fingerprintd.te
@@ -0,0 +1 @@
+allow fingerprintd tee_device:chr_file rw_file_perms;